TeamPage 6.2.64 includes some important changes to mitigate a security vulnerability related to TeamPage's Apache Solr Advanced Search module. We advise all customers who use the Apache Solr Advanced Search Module to update to this TeamPage version as soon as is feasible. This release also includes a small set of bug fixes and other improvements. Please read on for the full list of changes.
We strongly advise customers using Apache Solr with TeamPage to update their TeamPage installations as soon as possible.
• TeamPage now disables the Apache Solr XML Query parser to guard against exploitation of a vulnerability in some versions of the Solr server software. (Internal13314)
• TeamPage no longer presents the details of errors from Solr to end users, including server administrators (who can of course review the logs from TeamPage or Solr to discover what may be causing problems with a particular search query). (Solr1286)
An updated Apache Solr installer will fully resolve CVE-2017-12629 issues.
• The Apache Solr installers we offer to customers licensed for the Solr Advanced Search module will soon be updated to incorporate a version of Solr that is not affected by this vulnerability. A separate announcement will follow when those Solr installers are ready. Traction Software will update the Solr software used by all TeamPage Cloud subscribers at the same time. (Internal13322)
Bug Fixes
• Fixed a bug that prevented users using the built-in Visitor account from seeing images they may have uploaded and inserted into the content a comment or other entry after the uploads completed. The uploads would be accepted, but the user would be improperly prompted to log in when the browser tried to show the image in the rich text editor. (Server99851)
• Fixed an issue that prevented TeamPage from correctly observing the "Personal Calendar Events" user preferences "Show events related to projects in which you are an Owner or a Member" and "Show events related to projects in which there is a task assigned to you". (JPBO39676)
• Fixed an issue which could, in some browsers, cause the title and checkbox of an entry in a task list to appear in the wrong location. (Proteus17812)
Improvements
The FullCalendar Plug-in
• Cleaned up some old plug-ins that have been subsumed by the FullCalendar plug-in. (JPBO39655)
• Added support for optionally displaying the end time of events. (JPBO39665)
• Added support for optionally displaying the containing space, associated project, associated milestone, and tags to calendar items. (JPBO39667)
